IOC Radar
IPMediumSignal 55/100

103.90.97.98

Location
IndiaIndia
Ahmedabad, Gujarat
ASN
AS45117
INPL's
First Seen
Jan 17, 2025
Last Seen
Jun 7, 2026
Jan 17
First Seen
512d ago
Jun 7
Last Seen
6d ago
22
Reports
source reports
55%
Confidence
medium
8/91
VirusTotal
detections
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

55 techniques

Network Information

CountryINIndia
RegionAhmedabad, Gujarat
ASNAS45117
OrganizationINPL's

Feed Intelligence Summary

22 reports55% confidence
22
Source reports
55%
Confidence score
Category tags
abuseaccess controlaccount accessaccount compromiseaccount discoveryaccount enumerationaccount profilingaccount takeoveraccount takeover attemptactive scanactive scanningadresse ipasiaatif feedattackattacker ip addressesauthenticationauthentication abuseauthentication attackazure adbad reputationbad web botbankingbanlist feedbelgiumbinary defensebotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsc2 communicationc2 servercloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostscredential accesscredential brute forcecredential harvestingcredential stuffingcredit card servicesctadata exfiltrationdata store exposuredata theftddosdecoy systemdenial of servicedigital oceandistributed attackseuropeexploitation activityexploited hostexternal remote servicesfinancefinancial servicesfinancial technologyfinlandfranceftp brute forcegermanyhackinghoneynet connecthttp brute forceidentity & access exploitationimapimap attackimap brute forceinindiaindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activityioclateral movementlogin attacklogin attemptlogin attemptslogin brute forcemalaysiamalicious activitymalicious softwaremalwaremalware distributionmanualmicrosoft entra idmultiple usersnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnorth americapassword attackpassword attackspassword crackingpayment processingphishingphishing attackpolandpop3 brute forceprivateprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingsaslsasl authentication attackscannerscannersscanning activitysecurity operationssecurity policyservice scansmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringspamssh attackswedent1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1567t1573t1573.001t1587.001t1588t1588.004t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003t1598t1598.003tcp protocoltcp protocol attacktcp scantelnet threatthreat actorthreat intelligencethreat preventiontor nodeudp scanunauthorized access attemptunited statesvalid accountsvulnerability scanwealth managementweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
55
SIGNAL
Signal Score
55%
Confidence
22
Reports
First seenJan 17, 2025
Last seenJun 7, 2026
GeolocationIN
CountryIndia
LocationAhmedabad, Gujarat
ASNAS45117
OrgINPL's
Coords22.2955, 73.1645

VirusTotal

8/ 91vendors flagged
9% detection rateJun 8, 2026

WHOIS

description
List of SSH attacking IPs detected by Rimba Siber honeypot.
raw
inetnum: 103.90.96.0 - 103.90.99.255 netname: INPL-IN descr: Ishan Netsol Pvt Ltd admin-c: INPL1-AP tech-c: INPL1-AP country: IN mnt-by: MAINT-IN-IRINN mnt-irt: IRT-ISHAN-IN mnt-routes: MAINT-IN-ISHAN status: ALLOCATED PORTABLE last-modified: 2022-06-10T11:57:10Z source: APNIC irt: IRT-ISHAN-IN address: 315/6 Shivam Complex, Opp. Jagnath Temple, Dr. Yagnik Road e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IT136-AP tech-c: IA179-AP auth: # Filtered mnt-by: MAINT-IN-ISHAN last-modified: 2014-10-13T06:06:07Z source: APNIC role: ISHAN NETSOL PVT LTD - network administrator address: 313 Shivam Complex, Dr. Yagnik Road, Opp Jagnath Temple, Rajkot - Gujarat - India country: IN phone: +91 2816647426 e-mail: [email protected] admin-c: INPL1-AP tech-c: INPL1-AP nic-hdl: INPL1-AP mnt-by: MAINT-INPL-IN last-modified: 2021-05-25T07:18:52Z source: APNIC route: 103.90.97.0/24 descr: INPL's IP Pool origin: AS45117 country: IN remarks: send spam and abuse report to [email protected] notify: [email protected] mnt-routes: MAINT-IN-ISHAN mnt-by: MAINT-IN-IRINN last-modified: 2017-04-17T11:30:15Z source: APNIC
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 22 threat reports